Lucene search
PRIOn knowledge basePRION:CVE-2023-44381HistoryDec 01, 2023 - 10:15 p.m.
Design/Logic Flaw
2023-12-0122:15:00
PRIOn knowledge base
www.prio-n.com
2
october cms
authenticated user
permissions
php code execution
safe mode
patch
version 3.4.15
security flaw
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safe_mode being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15.
Related
nvd
nvd
CVE-2023-44381
2023-12-01 22:15:09
osv
osv
October CMS safe mode bypass using Page template injection
2023-11-29 21:33:16
cve
cve
CVE-2023-44381
2023-12-01 22:15:09
cvelist
cvelist
CVE-2023-44381 October CMS safe mode bypass using Page template injection
2023-12-01 21:48:44
veracode
veracode
Template Injection
2023-11-30 06:51:35
github
github
October CMS safe mode bypass using Page template injection
2023-11-29 21:33:16